364 matches found
CVE-2022-27001
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
PT-2022-18178 · Arris · Arris Tr3300
Name of the Vulnerable Software and Affected Versions: Arris TR3300 version 1.0.13. Description: A command injection issue was found in the dhcp function via the hostname parameter, allowing attackers to execute arbitrary commands through a crafted request. Recommendations: For Arris TR3300 versio...
PT-2022-18181 · Totolink · Totolink A7000R +1
Name of the Vulnerable Software and Affected Versions: Totolink routers X5000R version 9.1.0u.6118 B20201102; Totolink routers A7000R version 9.1.0u.6115 B20201022. Description: A command injection issue was discovered in the setWanCfg function via the hostName parameter, allowing attackers to...
Tenda G1 and G3 Command Injection Vulnerability (CNVD-2022-16176)
The Tenda G1 and G3 are routers from the Chinese company Tenda. A command injection vulnerability exists in the Tenda G1 and G3, which can be exploited to execute arbitrary commands via the hostName parameter...
CVE-2021-45987
Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter...
Command injection
Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter...
Tenda G1 and G3 Operating System Command Injection Vulnerability
The Tenda G1 and G3 are routers from the Chinese company Tenda. A command injection vulnerability exists in the Tenda G1 and G3, which can be exploited to execute arbitrary commands via the hostName parameter...
CVE-2019-18860
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi...
IBM Spectrum Protect Plus hostname Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework service. When parsing the hostname...
CVE-2019-20072
CVE-2019-20072 corresponds to a cross-site scripting vulnerability in Netis DL4323 devices, exploitable via the hostname parameter in form2Ddns.cgi used for Dynamic DNS configuration. The issue stems from insufficient input validation in the web application, enabling execution of arbitrary client...
CVE-2018-13375
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send a DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in...
dotCMS Open Redirect Vulnerability
dotCMS is a content management system (CMS) from the United States company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A security vulnerability exists in dotCMS versions prior to 5.0.2. An attacker can exploit this vulnerability to...
CVE-2018-17422
dotCMS before 5.0.2 has open redirects via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter...
Cacti cross-site scripting vulnerability (CNVD-2019-14553)
Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. A cross-site scripting vulnerability exists in the 'Website Hostname' parameter of the host.php file in versions of Cacti prior to 1.2.0, which stems from th...
CVE-2018-6333
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This iss...
Zyxel VMG3312-B10B cross-site scripting vulnerability (CNVD-2018-17658)
The Zyxel VMG3312 B10B is an Internet access gateway device from Hopkins ZyXEL Technology. A cross-site scripting vulnerability exists in the Zyxel VMG3312 B10B. A remote attacker can exploit this vulnerability by sending the 'hostname' parameter to the...
Cross site scripting
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter...